We already have Password Hash Sync enabled and the domain is federated, but EnforceCloudPasswordPolicyForPasswordSyncedUsers is set to False.
Do/Can we set EnforceCloudPasswordPolicyForPasswordSyncedUsers for a federated domain, to match the password policy with on-prem?
I can run Set-MsolDirSyncFeature -Feature EnforceCloudPasswordPolicyForPasswordSyncedUsers -Enable $true, but does that even do anything, or will it create a conflict if the on-prem expiration policy is different for a federated domain?
The Get-MsolPasswordPolicy -DomainName "contoso.com" command doesn't work, and I would assume Set-MsolPasswordPolicy would also not work.
I can, however, run it for "contoso.onmicrosoft.com", which is a managed domain.
If EnforceCloudPasswordPolicyForPasswordSyncedUsers is not to be used on a federated domain, what happens when a user only authenticates to an Enterprise Application but does not redirect to ADFS and is authenticated by Azure AD itself, but the on-prem password is expired?